spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Odd Problem

2004-11-11 02:47:25
from [James Couzens] [Permanent Link] 
On Wed, 2004-11-10 at 16:53 -0500, Stuart D. Gathman wrote:


On Wed, 10 Nov 2004, Matt wrote:


The other day I got the following attached bounce back from a
Barracude Spam Box.. but as far as I can tell my SPF records are
correct, and this person sent mail out through one of the encompassed
mail servers.. any thoughts?


Your SPF setup is correct.  The Barracude box is broken.

Running the same data reported by the broken MTA:

IP         MAIL FROM             HELO
63.174.244.3 pioneer(_at_)chilitech(_dot_)net smtp1-ha.chilitech.net

I get PASS.


I get fail (I'm using the address pulled out of his header):

james(_at_)code3 ~ $ /usr/local/bin/spfqtool_static -d 0 -s 
jcouzens(_at_)chilitech(_dot_)net -i 198.69.197.61 -h test
SPF short result:   fail
SPF verbose result: policy result: (fail) from rule (-all)
RFC2822 header:     Received-SPF: fail (test: domain of 
jcouzens(_at_)chilitech(_dot_)net does not designate 198.69.197.61 as permitted 
sender) receiver=test; client_ip=198.69.197.61; 
envelope-from=jcouzens(_at_)chilitech(_dot_)net;

This is because his DNS is not published correctly.  Upon further
examination you'll see that his PTR record does not match because its
does not validate.  It does not validate because the reversely obtained
hostname 'du1-61-as5800-towanda.dial.chilitech.net' (from 198.69.197.61)
does not in turn then resolve forward to '198.69.197.61' and thus misses
the PTR bus and hops on the fail train.

Cheers,

James

-- 
James Couzens,
Programmer
                                                     ( ( (      
      ((__))         __\|/__        __|-|__        '. ___ .'    
       (00)           (o o)          (0~0)        '  (> <) '    
---nn-(o__o)-nn---ooO--(_)--Ooo--ooO--(_)--Ooo---ooO--(_)--Ooo---
http://libspf.org -- ANSI C Sender Policy Framework library
http://libsrs.org -- ANSI C Sender Rewriting Scheme library
-----------------------------------------------------------------
PGP: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x7A7C7DCF

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
http://www.InboxEvent.com/?s=d --- Inbox Event Nov 17-19 in Atlanta features 
SPF and Sender ID.
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com

Attachment: signature.asc
Description: This is a digitally signed message part

[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Saw this on the way to work in a nearby cemetery.., James Couzens
Next by Date:  Re: SRS/SES mailing lists?, James Couzens
Previous by Thread:  Re: Odd Problem, Stuart D. Gathman
Next by Thread:  Re: Odd Problem, Alex van den Bogaerdt
Indexes:  [Date] [Thread] [Top] [All Lists]